2.9 Protecting Yourself from Viruses

Malicious Mobile Code: Virus Protection for Windows
By Roger A. Grimes
Chapter 2.  DOS Computer Viruses

After every virus cleanup comes the work of preventing the infection from happening again. For DOS viruses, try the following steps.

1. Disable booting from the floppy diskette drive.

Go into your ROM BIOS and disable booting from drive A. It's the easiest, single biggest thing you can do to decrease your risk of boot virus infection. If your PC can't boot from the floppy drive, it can't get an infection from a pure boot virus. And since most boot viruses don't come in from dropper or multipartite infectors, you've just about eliminated the threat. When I first tell people to do this step, they almost always ask what they should do if they need to boot from the floppy drive in the future (e.g., to scan for a computer virus). Easy. Just reenable it. It takes 15 seconds.

2. Use ROM BIOS to write-protect the hard drive's boot areas.

Today, most ROM BIOS chips allow you to write-protect your hard drive's boot areas. I've seen it called "Virus Protection" or "Boot Sector Write Protection." It's an easy feature to turn on and off. Typically, you don't need to modify a PC's boot records unless you are repartitioning the hard drive or upgrading the operating system. I have seen a few cases where legitimate programs (e.g., Norton Disk Doctor) needed to write to the MBR or operating boot sector and were prevented by the ROM BIOS. It's a little disconcerting to see a "Possible Virus Attempting to Modify Your Hard Drive's Boot Sector" error message when you are installing a new program, but typically after I assess what I'm attempting to do, or more accurately, what the legitimate program is attempting to do, I allow the modification to take place. However, if you are installing a new game or utility off the Internet and it tries to modify your boot sector, it's probably best if you don't allow it.

3. Never run an untrusted executable.

Friends send me joke executables all the time in emails. I'm supposed to run the attached program and be hilariously entertained. I never run an untrusted executable. I cannot tell whether or not the attached program is a file containing a virus or Trojan program. By untrusted, I mean that the source who sent me the file didn't write it or hasn't independently verified its entire functionality. That includes nearly every executable I'm sent by a friend over the Internet. Hearing your friend say that it hasn't formatted his hard drive yet isn't conclusive proof of safety. I've been to many companies who didn't take this advice seriously until it was too late. Never run an untrusted executable! Make it a habit. Don't make exceptions. Later on in Chapter 12 you'll learn how to automatically prevent untrusted code types from entering via email.

4. Write-protect floppy diskettes.

Enable the write-protection tab on any floppy diskettes that should not be written to. As a full-time consultant, I'm always toting around a satchel of utility diskettes to play computer doctor. I make sure all my diskettes are write-protected. That way I don't get infected and I can't be blamed for spreading any infections. During 1999, I saw a lot of companies conducting Year 2000 audits that ended up spreading viruses everywhere. Often, the people doing the virus checking are infected. Usually, the infection started out with just a few PCs. But then someone suggested that every PC be checked for computer viruses. Unfortunately, the person doing all the checking had an infected diskette. By the time I've arrived, everyone is amazed at how fast the virus has spread and how every PC they've checked is infected. I could make this stuff up, but I don't have to.

5. Pop out your floppy diskettes when shutting down the PC.

Get in the habit of popping out all your floppy diskettes before you power down. Whenever I shut down a PC, I do a quick, unconscious look at the floppy disk drive. If I see a diskette in the floppy drive, I pop it out. That way if the particular PC I'm on is able to boot to the floppy drive, I've prevented a possible avenue of infection on reboot.

6. Scan foreign diskettes prior to usage.

Whenever someone who doesn't follow the same rigorous malicious code rules as I -- that's nearly everyone -- sends me a floppy diskette, I do a quick scan on it prior to saving or retrieving files. Often a good virus scanner will be active in memory and automatically scan any accessed floppy diskettes without user intervention. I've discovered a lot of viruses this way and I've been able to alert the user before any further damage was done.

7. Never boot from an unknown floppy diskette.

Lastly, never boot from a diskette that you haven't scanned. Common sense, I know. Recently, I received a bootable diskette from a vendor to be used to identify which particular video chip set a PC had installed. It was infected with a rather nasty virus that I would have otherwise passed on to my entire network had I simply trusted the vendor to make sure his diskettes were virus-free. In over 10 years of computing, I've received more than my fair share of vendor letters apologizing that the latest bug fix disk had a virus on it.
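Step 2 notes that boot records rarely need to change outside of repartitioning or an operating system upgrade. The following added example (not from the book) shows a baseline check that separates those cases by hashing the regions of an MBR sector separately; it assumes the classic MBR layout (446 bytes of boot code, a 64-byte partition table, a 55 AA signature), and the function names and sample sectors are constructed for illustration.

```python
import hashlib

SECTOR_SIZE = 512
BOOT_CODE = slice(0, 446)          # bootstrap code area (classic MBR layout)
PARTITION_TABLE = slice(446, 510)  # four 16-byte partition entries
SIGNATURE = slice(510, 512)        # must be 55 AA


def fingerprint(sector: bytes) -> dict:
    """Hash each region of a 512-byte MBR separately."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes")
    return {
        "boot_code": hashlib.sha256(sector[BOOT_CODE]).hexdigest(),
        "partition_table": hashlib.sha256(sector[PARTITION_TABLE]).hexdigest(),
        "signature_ok": sector[SIGNATURE] == b"\x55\xaa",
    }


def compare(baseline: dict, current: dict) -> str:
    """Classify a change between a stored baseline and the sector now on disk."""
    if not current["signature_ok"]:
        return "invalid boot signature"
    if current["boot_code"] != baseline["boot_code"]:
        # Not explained by repartitioning alone: investigate before trusting.
        return "boot code changed"
    if current["partition_table"] != baseline["partition_table"]:
        # Expected after a deliberate repartition; suspicious otherwise.
        return "partition table changed"
    return "unchanged"


def make_sample_mbr(code_fill: int, first_entry_type: int) -> bytes:
    """Constructed sample sector for the demo, not a real disk image."""
    code = bytes([code_fill]) * 446
    entry = bytes([0x80, 0, 1, 0, first_entry_type, 0, 0, 0]) + bytes(8)
    return code + entry + bytes(48) + b"\x55\xaa"


if __name__ == "__main__":
    baseline = fingerprint(make_sample_mbr(0x90, 0x06))
    # Same boot code, different partition type: looks like a repartition.
    print(compare(baseline, fingerprint(make_sample_mbr(0x90, 0x0B))))
    # Different boot code: the case the BIOS warning in step 2 is about.
    print(compare(baseline, fingerprint(make_sample_mbr(0xCC, 0x06))))
```

On a real machine the 512 bytes would come from the first sector of the disk, read with administrative rights, and the baseline should be kept on write-protected media.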


Malicious Mobile Code: Virus Protection for Windows (O'Reilly Computer Security)
ISBN: 156592682X
EAN: 2147483647
Year: 2001
Pages: 176
